Known Vulnerabilities for products from Apereo
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Apereo".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-32985 json | Xerte Online Toolkits versions 3.14 and earlier contain an unauthenticated arbitrary file upload vulnerability in the templat... | Not Provided | 2026-03-20 | 2026-04-16 |
| CVE-2023-28857 json | Apereo CAS is an open source multilingual single sign-on solution for the web. Apereo CAS can be configured to use authentica... | 7.5 - HIGH | 2023-06-27 | 2023-07-06 |
| CVE-2023-4612 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2023-11-09 | 2023-11-17 |
| CVE-2022-41965 json | Opencast is a free, open-source platform to support the management of educational audio and video content. Prior to Opencast ... | 6.1 - MEDIUM | 2022-11-28 | 2022-12-01 |
| CVE-2022-39369 json | phpCAS is an authentication library that allows PHP applications to easily authenticate users via a Central Authentication Se... | 8 - HIGH | 2022-11-01 | 2023-11-07 |
| CVE-2022-29237 json | Opencast is a free and open source solution for automated video capture and distribution at scale. Prior to Opencast 10.14 an... | 5.4 - MEDIUM | 2022-05-24 | 2022-06-07 |
| CVE-2021-43821 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.7 - HIGH | 2021-12-14 | 2021-12-20 |
| CVE-2021-43807 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2021-12-14 | 2021-12-20 |
| CVE-2021-42567 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.1 - MEDIUM | 2021-12-07 | 2021-12-09 |
| CVE-2021-32623 json | Opencast is a free and open source solution for automated video capture and distribution. Versions of Opencast prior to 9.6 a... | 6.5 - MEDIUM | 2021-06-16 | 2021-06-23 |
| CVE-2021-21318 json | Opencast is a free, open-source platform to support the management of educational audio and video content. In Opencast before... | 5.4 - MEDIUM | 2021-02-18 | 2021-02-26 |
| CVE-2020-27178 json | Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys wit... | 7.5 - HIGH | 2020-10-16 | 2021-07-21 |
| CVE-2020-26234 json | Opencast before versions 8.9 and 7.9 disables HTTPS hostname verification of its HTTP client used for a large portion of Open... | 4.8 - MEDIUM | 2020-12-08 | 2020-12-10 |
| CVE-2020-5231 json | In Opencast before 7.6 and 8.1, users with the role ROLE_COURSE_ADMIN can use the user-utils endpoint to create new users not... | 6.5 - MEDIUM | 2020-01-30 | 2020-02-10 |
| CVE-2020-5230 json | Opencast before 8.1 and 7.6 allows almost arbitrary identifiers for media packages and elements to be used. This can be probl... | 7.5 - HIGH | 2020-01-30 | 2020-02-10 |
| CVE-2020-5229 json | Opencast before 8.1 stores passwords using the rather outdated and cryptographically insecure MD5 hash algorithm. Furthermore... | 8.1 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5228 json | Opencast before 8.1 and 7.6 allows unauthorized public access to all media and metadata by default via OAI-PMH. OAI-PMH is pa... | 7.5 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5222 json | Opencast before 7.6 and 8.1 enables a remember-me cookie based on a hash created from the username, password, and an addition... | 8.8 - HIGH | 2020-01-30 | 2020-02-05 |
| CVE-2020-5206 json | In Opencast before 7.6 and 8.1, using a remember-me cookie with an arbitrary username can cause Opencast to assume proper aut... | 10 - CRITICAL | 2020-01-30 | 2020-02-05 |
| CVE-2019-10754 json | Multiple classes used within Apereo CAS before release 6.1.0-RC5 makes use of apache commons-lang3 RandomStringUtils for toke... | 8.1 - HIGH | 2019-09-23 | 2019-09-24 |
Known software with vulnerabilities from Apereo
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Apereo | .net Cas Client | 1.0.2 |
| Application | Apereo | Bedework | 3.4.1 |
| Application | Apereo | Bw-calendar-engine | 3.12.0 |
| Application | Apereo | Bw-webdav | 3.4.1 |
| Application | Apereo | Cas Server | 3.4.12.1 |
| Application | Apereo | Central Authentication Service | 3.0 |
| Application | Apereo | Java Cas Client | 3.3.2 |
| Application | Apereo | Opencast | 1.3.0 |
| Application | Apereo | Phpcas | 0.2 |
| Application | Apereo | Uportal | 3.2.5 |